S1 



APPLICATION 

MAKES 
REQUEST TO 
SEND DATA 



S2 



SYN PACKET 
SENT 




NO 



S5 



WAIT FOR TIME 

X 



S6 



RESEND SYN 




NO 



S8 



INCREASE TIME 
X 



YES 



YES 



S4 




SEND DATA 



YES 



WAIT FOR TIME 
X 



S9 



RESEND SYN 



S10 



S11 



NO 



S12 




YES 



NO 



S13 



END 
CONNECTION 
ATTEMPT ^ 



PRIOR ART 
FIG. 2 



in 



m 



30 



SECURITY ASSOCIATION 
NEGOTIATION 
COMPONENT 



22 



24 



26 



28 



APPLICATION 



I 



NETWORK 
INTERCEPTOR 



I 



TCP/IP 
STACK 



I 



IPSEC 
PACKET 
CLASSIFIER 



32 




SECURITY 
ASSOCIATION 
DATABASE 



34 




SECURITY 

POLICY 
DATABASE 



FIG. 3 



S16 



Application 
requests 
TCP 
connection 




No- 



Yes 




Yes 



S21 



S22 



ill 
Q 



IKE 
Component 
Negotiation 



Notify IKE of need 
for security 
association 
establishment 



Fail connection 
request 



Yes 



Asynchronous notification of 
success/failure in 
establishing security 
association 




S25 



Yes- 



Save security 
association 
information 



S24 



S26 



Mark socket so 
won't try again. 



Allow request to 
complete 



FIG. 4 



S30 



Application 
sends 
UDP 
data 



5 = 1 



in 



S38 



IKE 

Component - 



Asynchronous notification of 
success/failure in 
establishing security 
association 




Yes 



Mark socket so 
won't try again. 



Allow request to 
complete 



FIG. 5 



